Privacy Policy

This page contains two important legal documents governing your privacy and the privacy of your health information at Pulse & Remedy, LLC. The first is our Notice of Privacy Practices, which is required by the Health Insurance Portability and Accountability Act (HIPAA) and describes how we use and protect your Protected Health Information (PHI) as a patient of our practice, your rights with respect to that information, and our legal obligations as a HIPAA-covered healthcare provider. The second is our Website Privacy Policy, which governs the collection, use, and protection of information collected from visitors to www.pulseandremedy.com. If you are a patient of Pulse & Remedy, LLC, both documents apply to you. If you are a website visitor who is not a patient, the Website Privacy Policy applies to your use of this Site. Please read both documents carefully. If you have any questions, contact us at info@pulseandremedy.com or (305) 699-6963.

Section 1.

PULSE & REMEDY, LLC
NOTICE OF PRIVACY PRACTICES
925 Arthur Godfrey Road, Suite 300 | Miami Beach, Florida 33140
Phone: (305) 699-6963 | Email: info@pulseandremedy.com | www.pulseandremedy.com

1. Who We Are and Who This Notice Covers
Pulse & Remedy, LLC (“P&R,” “we,” “us,” or “our”) is a HIPAA-covered healthcare provider operating a concierge direct primary care medical practice in Miami Beach, Florida. Our services include, but are not limited to: concierge primary care, functional medicine, IV infusion therapy, peptide therapy, hormone replacement therapy (HRT), weight management, anti-aging and longevity medicine, nutrition counseling, telemedicine consultations, and general internal medicine.

This Notice applies to all Protected Health Information created, received, maintained, or transmitted by P&R and all of P&R’s workforce members, including employed and contracted physicians, advanced practice providers, nurses, medical assistants, and administrative staff. All workforce members are trained to comply with this Notice and applicable HIPAA requirements.

2. What Is Protected Health Information (PHI)?
“Protected Health Information” or “PHI” means any individually identifiable health information that we create, receive, maintain, or transmit in connection with providing healthcare services to you. PHI includes information about:

• Your past, present, or future physical or mental health or condition
• The provision of healthcare to you, including treatments, medications, lab results, and diagnostic information
• Past, present, or future payment for healthcare provided to you

PHI may be in written, oral, or electronic form. “Electronic PHI” or “ePHI” refers to PHI stored or transmitted electronically and is subject to additional safeguards under the HIPAA Security Rule.

3. How We May Use and Disclose Your PHI
We use and disclose your PHI in the following ways. Uses and disclosures beyond those listed in this Section require your written authorization as described in Section 4.

3.1 Uses and Disclosures for Treatment, Payment, and Health Care Operations
HIPAA permits us to use and disclose your PHI without your authorization for the following core purposes:

Treatment
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes sharing information with other healthcare professionals involved in your care — such as specialists, hospitals, pharmacies, laboratories, and other providers — to ensure you receive appropriate treatment. Examples include:
• Sharing your medical history, medications, and lab results with a specialist to whom we refer you
• Coordinating your care with a pharmacy for prescription fulfillment
• Communicating with a laboratory regarding diagnostic testing
• Sharing information with a covering provider during Dr. Mait’s absence

Payment
We may use and disclose your PHI to obtain payment for healthcare services provided to you, or to facilitate payment-related activities. Because P&R is a direct-pay, non-insurance practice, payment activities are limited. Examples include:
• Processing your membership fees, visit charges, and ancillary service fees
• Verifying your identity and financial information for billing purposes
• Responding to billing disputes or audits

Health Care Operations
We may use and disclose your PHI for our internal healthcare operations necessary to run our practice effectively and improve the quality of care. Examples include:
• Quality assurance and improvement activities, including peer review and clinical audits
• Training and education of our healthcare workforce
• Administrative, legal, and compliance activities
• Business planning, practice management, and operational evaluation
• Evaluating provider and staff performance
• Conducting or arranging for legal, financial, and compliance services

3.2 Other Permitted Uses and Disclosures Without Your Authorization
In addition to treatment, payment, and operations, HIPAA permits us to use or disclose your PHI without your written authorization in the following circumstances:

As Required by Law
We will disclose your PHI when required to do so by applicable federal, state, or local law, including in response to valid court orders, subpoenas, administrative orders, or other legal process.

Public Health Activities
We may disclose your PHI to public health authorities authorized to collect information for the purpose of preventing or controlling disease, injury, or disability, including reporting communicable diseases, adverse drug reactions, and child abuse or neglect as required by Florida law.

Health Oversight Activities
We may disclose your PHI to health oversight agencies (such as the Florida Department of Health, state medical boards, and the U.S. Department of Health and Human Services) for activities including audits, investigations, inspections, licensure proceedings, and other oversight activities authorized by law.

Judicial and Administrative Proceedings
We may disclose your PHI in response to a court or administrative order, or in response to a subpoena, discovery request, or other lawful process, subject to applicable safeguards.

Law Enforcement
We may disclose your PHI to law enforcement officials under specific, limited circumstances required by law — including to identify or locate a suspect, to report a crime on our premises, or in response to a court order or warrant.

Serious Threats to Health or Safety
We may use or disclose your PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, consistent with applicable law and ethical standards.

Coroners, Medical Examiners, and Funeral Directors
We may disclose PHI to a coroner, medical examiner, or funeral director as authorized or required by law.

Organ and Tissue Donation
We may disclose PHI to organ procurement organizations or similar entities for the purpose of facilitating organ, eye, or tissue donation and transplantation, if you are an organ donor.

Research
We may use or disclose your PHI for research purposes, but only when a formal institutional review board or privacy board has approved a waiver of authorization, or when the research involves only PHI of deceased individuals, or when you have provided written authorization.

Workers’ Compensation
We may disclose your PHI to the extent necessary to comply with Florida workers’ compensation laws and other similar programs.

Military and National Security
If you are or were a member of the armed forces, or if you are a foreign military personnel, we may disclose your PHI as required by military command authorities or national security and intelligence activities authorized by law.

Inmates
If you are an inmate of a correctional institution, we may disclose your PHI to the institution or law enforcement officials as necessary for your health and the health and safety of others.

Appointment Reminders and Treatment Alternatives
We may use your PHI to contact you to provide appointment reminders, information about treatment alternatives, or health-related benefits and services that may be of interest to you. These communications will be made through channels you have authorized (phone, text, email) consistent with your preferences on file.

4. Uses and Disclosures That Require Your Written Authorization
For uses and disclosures of your PHI not described in Section 3, we will obtain your written authorization before using or disclosing your PHI. Certain categories require specific authorization:

You may revoke any authorization you have given us at any time, in writing. Your revocation will be effective from the date we receive it, except to the extent we have already relied on the authorization prior to revocation.

5. Special Protections Under Florida Law
Florida law provides additional privacy protections for certain categories of health information that may be more stringent than HIPAA. Where Florida law is more protective than HIPAA, we will comply with Florida law. Special protections apply to the following categories:

• HIV/AIDS Information: Florida Statute § 381.004 prohibits disclosure of HIV test results or AIDS-related information without specific written consent, with limited exceptions for treatment and public health reporting.
• Mental Health Records: Florida Statute § 394.4615 provides heightened protection for mental health treatment records and limits disclosure without patient authorization.
• Substance Abuse Treatment Records: Federal regulations (42 C.F.R. Part 2) and Florida law provide heightened protection for substance abuse treatment records, which require explicit patient consent for most disclosures.
• Genetic Information: The Florida Genetic Privacy Act (§ 760.40, Florida Statutes) and the federal Genetic Information Nondiscrimination Act (GINA) protect genetic information from unauthorized disclosure and use.
• Minors: Florida law contains specific provisions governing the circumstances under which minors may consent to their own treatment and the rights of parents or guardians to access minor patient records (§ 456.0575, Florida Statutes).
• Reproductive Health: Disclosures related to reproductive health services are subject to applicable state and federal law.

6. Your Rights Regarding Your PHI
You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to our Privacy Officer using the contact information in Section 9. We will respond to your request within the timeframes required by HIPAA.

7. Our Duties and Obligations
P&R is required by law to:

• Maintain the privacy of your PHI in accordance with applicable law
• Provide you with this Notice of our legal duties and privacy practices with respect to PHI
• Abide by the terms of this Notice currently in effect
• Notify you in the event of a breach of your unsecured PHI
• Not use or disclose your PHI in a manner that is not described in this Notice without your written authorization, except as permitted by law

P&R reserves the right to change the terms of this Notice at any time. We may make the revised Notice effective for PHI that we already hold about you, as well as any PHI we receive in the future. The current version of this Notice is always available at our office and on our website at www.pulseandremedy.com. We will post the effective date of any revised Notice prominently.

8. Breach Notification
In the event of a breach of unsecured PHI, P&R will provide notification to you, to the U.S. Department of Health and Human Services (HHS), and as applicable to prominent media outlets, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414):

• Individual notification will be provided by first-class mail (or email if you have specified email as your preferred communication method) without unreasonable delay and in no case later than 60 calendar days after discovery of the breach
• If the breach affects 500 or more residents of a state or jurisdiction, we will also notify prominent media outlets in that jurisdiction
• Breaches affecting 500 or more individuals will be reported to HHS contemporaneously; breaches affecting fewer than 500 individuals will be reported to HHS on an annual basis

Additionally, pursuant to the Florida Information Protection Act (FIPA), § 501.171, Florida Statutes, P&R will notify affected Florida residents of any breach of personal information within 30 days of determining that a breach has occurred.

Breach notifications will include: a description of the breach; the types of PHI involved; steps you can take to protect yourself; what P&R is doing to investigate the breach, mitigate harm, and prevent future breaches; and contact information for follow-up questions.

9. Complaints and Contact Information
Privacy Officer
If you have questions about this Notice, wish to exercise any of your rights, or have a complaint about our privacy practices, please contact our Privacy Officer:

Filing a Complaint with HHS
If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):

• Online: www.hhs.gov/ocr/complaints
• By phone: 1-800-368-1019 (TDD: 1-800-537-7697)
• By mail: U.S. Department of Health and Human Services, 200 Independence Avenue SW, Room 509F, HHH Building, Washington, D.C. 20201

You will NOT be penalized, retaliated against, or otherwise disadvantaged for filing a complaint with HHS or with P&R. We are prohibited by law from taking any retaliatory action against you for exercising your rights under HIPAA.

10. Telemedicine and Electronic Communications
P&R offers telemedicine consultations to enrolled patients. The following provisions apply to telemedicine and electronic health communications:

• Telemedicine sessions are conducted through designated HIPAA-compliant platforms. Information about the specific platform(s) used by P&R is available upon enrollment.
• Telemedicine sessions will not be recorded without your explicit, advance written consent. Any approved recordings are stored as ePHI and protected with the same safeguards as all other PHI.
• Text messages (SMS/MMS) sent to patients are intended for appointment reminders, care coordination, and non-sensitive communications. Patients should not transmit detailed PHI via unencrypted text messages. Secure communication channels are available through our patient portal or designated secure messaging platform.
• Email communications involving PHI are conducted through HIPAA-compliant email services where feasible. Standard email is not guaranteed to be secure, and patients who communicate via standard email acknowledge this limitation consistent with their signed consent.
• Electronic communications are subject to P&R’s privacy and security policies and are handled as PHI where applicable.

11. Business Associates
We may share your PHI with third-party vendors and service providers who perform functions on our behalf that require access to your PHI (“Business Associates”). Examples include: electronic health record (EHR) and practice management software vendors; billing and payment processors; telehealth platform providers; laboratory services; IT and security services; legal and compliance advisors; and other vendors providing practice-related services.

We require all Business Associates to execute a Business Associate Agreement (BAA) with P&R as required under HIPAA. Business Associates are contractually required to safeguard your PHI and to use it only for the purposes for which it was disclosed. If a Business Associate breaches its obligations, it is subject to both contractual liability and direct HIPAA enforcement by HHS.

12. Minimum Necessary Standard
When using or disclosing PHI, or when requesting PHI from another covered entity, P&R makes reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. This minimum necessary standard does not apply to: disclosures to or requests by a healthcare provider for treatment; disclosures to the individual who is the subject of the PHI; uses or disclosures made pursuant to your written authorization; disclosures required for HIPAA compliance; or disclosures required by law.

PATIENT ACKNOWLEDGMENT OF RECEIPT
By viewing this website, you acknowledge that you have received and reviewed a copy of the Pulse & Remedy, LLC Notice of Privacy Practices. You understand how P&R may use and disclose my Protected Health Information (PHI), and you understand your rights with respect to your PHI. You understand that a copy of this acknowledgment will be maintained in your medical record.

You understand that if you refuse to accept this acknowledgment, P&R is required to document the attempt to obtain acknowledgment and the reason it was not obtained, and may still provide treatment to you.

Section 2.

PULSE & REMEDY, LLC
PRIVACY POLICY
www.pulseandremedy.com
Effective Date: April 1, 2026

This Privacy Policy describes how Pulse & Remedy, LLC, a Florida limited liability company (“P&R,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects information obtained from visitors to and users of our website at www.pulseandremedy.com (the “Site”). P&R operates a concierge direct primary care medical practice offering services including functional medicine, IV infusion therapy, peptide therapy, hormone replacement therapy, weight management, nutrition counseling, and general medicine at 925 Arthur Godfrey Road, Suite 300, Miami Beach, Florida 33140.

Please read this Privacy Policy carefully. By accessing or using this Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Site.

IMPORTANT: This Privacy Policy governs information collected through this website only. If you are a patient of P&R, your Protected Health Information (PHI) is also governed by our separate Notice of Privacy Practices (NPP), which is available at our office and upon request, as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). See Section 5 for more information.

1. Scope and Applicability
This Privacy Policy applies to all visitors, users, and others who access or use this Site, regardless of geographic location. It covers personal information collected through: (a) direct interactions with website features including contact forms, inquiry forms, newsletter signups, and appointment request forms; (b) automated data collection technologies including cookies, pixels, and analytics tools; and (c) third-party sources including search engines and social media platforms that refer visitors to the Site.

This Policy does not apply to information collected through offline channels, by telephone, in person at our office, through third-party platforms or apps not operated by P&R, or through our patient portal or EHR system, which are governed by separate agreements and P&R’s HIPAA Notice of Privacy Practices.

2. Information We Collect
2.1 Information You Provide Directly
We collect information you voluntarily provide when you:

• Submit a contact, inquiry, or appointment request form (name, email address, phone number, and any message content you include)
• Sign up for our newsletter or email communications (name and email address)
• Participate in surveys, contests, or other interactive features
• Communicate with us via email or phone numbers listed on the Site

IMPORTANT: Do not submit Protected Health Information (PHI) — including symptoms, diagnoses, medications, lab results, or medical history — through general contact forms on this Site. This Site is not a HIPAA-secure communication platform. Enrolled patients should communicate PHI only through designated secure channels provided by P&R.

2.2 Information Collected Automatically
When you visit this Site, we and our third-party service providers automatically collect certain technical information, including:

• Device and browser information (browser type and version, operating system, device type, screen resolution)
• IP address and approximate geographic location derived from IP address
• Pages visited, time spent on pages, referring URLs, and clickstream data
• Search terms used to find our Site
• Interaction data including clicks, scrolls, and form interactions

This information is collected through cookies, web beacons, pixel tags, and similar tracking technologies as described in Section 4 below.

2.3 Information from Third Parties
We may receive information about you from third-party sources, including:

• Analytics providers (e.g., Google Analytics) that provide aggregated and individual-level traffic data
• Advertising platforms (e.g., Google Ads, Meta/Instagram) that provide data about how users arrived at our Site through paid advertising
• Social media platforms if you interact with P&R’s social media profiles or use social sharing features

3. How We Use Your Information
We use the information we collect for the following purposes:

• Responding to your inquiries, contact form submissions, and appointment requests
• Providing, operating, and improving this Site
• Sending you newsletters, practice updates, and health information communications (with your consent; you may opt out at any time)
• Analyzing Site traffic and user behavior to improve user experience and marketing effectiveness
• Detecting, preventing, and responding to fraud, security incidents, and other harmful or illegal activity
• Complying with applicable legal obligations, including HIPAA, FIPA, and other applicable law
• Enforcing our Terms of Service and other legal agreements

We do NOT use website-collected information to make clinical treatment decisions. No information submitted through this Site is used in lieu of a formal clinical evaluation.

3.1 Marketing and Advertising Use
We may use your contact information for direct marketing communications about P&R’s services, programs, and health information. We use analytics and advertising platforms to conduct targeted and retargeted advertising to users who have visited our Site. You may opt out of marketing communications at any time by:

• Clicking the ‘unsubscribe’ link in any marketing email
• Emailing us at docmait@pulseandremedy.com with the subject line ‘Marketing Opt-Out’
• Calling us at (305) 699-6963

Note: If you are a P&R patient, HIPAA restricts our ability to use your PHI for marketing purposes without your written authorization, except for certain treatment and healthcare operations communications. Our patient marketing practices are governed by our HIPAA Notice of Privacy Practices.

4. Cookies, Tracking Technologies, and Advertising Pixels
4.1 What We Use
This Site uses the following categories of tracking technologies:

• Essential / Functional Cookies: Required for the Site to function properly. These cannot be disabled without affecting Site functionality.
• Analytics Cookies: We use Google Analytics to understand how visitors interact with our Site. Google Analytics collects data including pages visited, time on Site, and traffic sources. To opt out of Google Analytics, visit: https://tools.google.com/dlpage/gaoptout/
• Advertising / Marketing Pixels: We may use advertising pixels from platforms including Google Ads and Meta (Facebook/Instagram) to measure the effectiveness of our advertising campaigns and to serve targeted advertisements to visitors. These pixels may collect your IP address and browsing behavior on our Site and associate it with your profile on those platforms.
• Session Replay / Behavior Tools: We may use tools that record mouse movements, clicks, and scrolling behavior in anonymized or pseudonymized form to improve Site usability.

4.2 IMPORTANT — Healthcare Tracking Technology Disclosure
P&R is aware of the HHS Office for Civil Rights (OCR) and Federal Trade Commission (FTC) joint guidance issued in 2023 regarding the use of online tracking technologies by healthcare providers. That guidance warns that tracking pixels embedded on healthcare websites may transmit PHI to third-party advertising platforms without patient authorization, potentially in violation of HIPAA.

P&R takes the following steps to mitigate this risk:

• We do not intentionally configure tracking pixels on pages where patients submit health information
• We do not use tracking technologies in a manner intended to transmit PHI to third-party advertising platforms
• We periodically audit our tracking technology implementations for HIPAA compliance

However, you should be aware that standard analytics and advertising tools may collect data about your browsing behavior on this Site. If you have concerns, you may use your browser’s private/incognito mode, install a browser-based ad blocker, or adjust your cookie preferences as described below.

4.3 Your Cookie Choices
You may control cookies through the following mechanisms:

• Browser Settings: Most browsers allow you to refuse or delete cookies through browser settings. Note that disabling cookies may affect Site functionality.
• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout/
• Google Ad Settings: https://adssettings.google.com
• Meta Ad Preferences: https://www.facebook.com/ads/preferences
• Network Advertising Initiative Opt-Out: https://optout.networkadvertising.org
• Digital Advertising Alliance Opt-Out: https://optout.aboutads.info

5. HIPAA and Protected Health Information
P&R is a HIPAA-covered healthcare provider. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, governs the use and disclosure of Protected Health Information (PHI).

5.1 Notice of Privacy Practices
Our HIPAA Notice of Privacy Practices (NPP), which describes in detail how we use and disclose PHI in connection with your medical care, your rights as a patient, and our legal obligations, is available:

• At our office at 925 Arthur Godfrey Road, Suite 300, Miami Beach, FL 33140
• By request — contact us at docmait@pulseandremedy.com or (305) 699-6963

The NPP is a separate document from this Privacy Policy and applies to all PHI created, received, or maintained by P&R in connection with your healthcare, regardless of whether it was submitted through this Site.

5.2 Health Information Submitted Through This Site
If you voluntarily submit any health-related information through a contact form, inquiry form, or other feature of this Site, please note:

• This Site is not a HIPAA-secure communication platform
• General contact forms on this Site are not encrypted end-to-end and should not be used to transmit sensitive PHI
• Any health information you submit will be handled with reasonable care and consistent with our NPP to the extent applicable, but submission through a general website form does not carry the same protections as communications through our designated secure patient communication channels

5.3 Business Associates
Certain third-party service providers that assist P&R in operating this Site and our practice may have access to PHI in the course of providing their services and therefore qualify as HIPAA Business Associates. P&R enters into Business Associate Agreements (BAAs) with all such vendors as required by HIPAA. Current categories of Business Associate relationships include: website hosting and technology vendors; email and communication platform providers; practice management and EHR software; payment processors; and other vendors providing services involving access to PHI.

6. How We Share Your Information
We do not sell your personal information for monetary consideration. We may share your information in the following circumstances:

6.1 Service Providers and Vendors
We share information with third-party service providers who assist in operating the Site and our practice, including: website hosting providers; analytics platforms (Google Analytics); email marketing platforms; advertising platforms (Google, Meta); payment processors; CRM and practice management software; scheduling tools; and other operational vendors. All vendors with potential access to PHI are required to execute BAAs with P&R.

6.2 Legal Requirements and Protection of Rights
We may disclose your information when we believe in good faith that disclosure is required by law; to comply with a court order, subpoena, or legal process; to protect the rights, property, or safety of P&R, our patients, staff, or the public; or to detect, prevent, or address fraud or security incidents.

6.3 Business Transfers
If P&R is involved in a merger, acquisition, sale of assets, restructuring, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any material changes to this Privacy Policy.

6.4 With Your Consent
We may share your information with third parties when you have given us your explicit consent to do so, including for testimonials, case studies, or referral programs you have opted into.

6.5 HIPAA-Permitted Disclosures
Disclosures of PHI are also governed by HIPAA. PHI may be disclosed for treatment, payment, and healthcare operations as described in our NPP, and as otherwise required or permitted by HIPAA.

6.6 California — Do Not Sell or Share
California residents have the right to opt out of the ‘sale’ or ‘sharing’ of their personal information as defined under the CCPA/CPRA. To exercise this right, please contact us at info@pulseandremedy.com or submit a request via the contact information in Section 10. We do not sell personal information for monetary consideration, but certain advertising-related data sharing may constitute ‘sharing’ under California law. California residents may also use the Global Privacy Control (GPC) browser signal as an opt-out mechanism.

7. Data Retention
We retain personal information collected through this Site for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by applicable law.

• Contact form submissions and general inquiries: Retained for up to 3 years from the date of submission for business operations and dispute resolution purposes
• Marketing and newsletter subscriber data: Retained until you opt out or request deletion, subject to applicable law
• Analytics and technical data: Retained per the applicable platform’s data retention settings (Google Analytics default: 14 months)
• Patient PHI: Retained in accordance with HIPAA requirements (minimum 6 years from creation or last effective date) and Florida law (minimum 5 years; 7 years for minors), as applicable. Retention of medical records is governed by our NPP.

You may request deletion of your personal information as described in Section 9. Please note that we may be required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements, even following a deletion request.

8. How We Protect Your Information
P&R implements administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• SSL/TLS encryption for data transmitted between your browser and our Site
• Encryption of stored data including portable devices and media
• Role-based access controls limiting employee access to personal information on a need-to-know basis
• Confidentiality agreements with all staff with access to personal information
• Regular security risk assessments consistent with HIPAA Security Rule requirements
• Intrusion detection and prevention monitoring
• Vendor due diligence reviews for all third-party service providers
• Employee training on privacy and security obligations

8.1 Data Breach Notification
In the event of a data security breach involving your personal information, P&R will notify affected individuals as required by applicable law, including:

• HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414): Notification of breaches affecting PHI will be provided without unreasonable delay and within 60 days of discovery. Breaches affecting 500 or more individuals in a state will also be reported to HHS and, in some cases, to prominent media outlets.
• Florida Information Protection Act (FIPA), § 501.171, Florida Statutes: Notification of Florida residents will be provided within 30 days of determination that a breach of personal information has occurred.

No data transmission over the internet or storage system is guaranteed to be 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Privacy Rights
9.1 General Rights (All Users)
Subject to applicable law, you have the following rights with respect to your personal information collected through this Site:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Deletion: Request deletion of your personal information, subject to legal retention obligations
• Right to Restrict Processing: Request that we limit the ways in which we use your information
• Right to Data Portability: Request that we transmit your personal information to another provider, where technically feasible
• Right to Withdraw Consent: Withdraw consent to processing at any time, where processing is based on your consent
• Right to Opt Out of Marketing: Opt out of direct marketing communications at any time
• Right to Opt Out of Targeted Advertising: Opt out of behavioral or interest-based advertising as described in Section 4.3

9.2 California Residents (CCPA/CPRA Additional Rights)
In addition to the rights above, California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Know the categories and specific pieces of personal information collected, the purposes for which it is used, and the categories of third parties with whom it is shared
• Right to Opt Out of Sale/Sharing: Opt out of the sale or sharing of personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information (including health information) to necessary purposes
• Right to Non-Discrimination: Exercise privacy rights without discrimination in services or pricing

California residents may submit requests through the contact information in Section 10. We will respond within 45 days of receipt, with a possible 45-day extension when reasonably necessary.

9.3 HIPAA Patient Rights
If you are a P&R patient, you have additional rights with respect to your PHI under HIPAA, including the rights to access, amend, receive an accounting of disclosures, request restrictions, and file a complaint with HHS. These rights are described in full in our HIPAA Notice of Privacy Practices.

9.4 Exercising Your Rights
To exercise any of the rights described above, please submit a request to:

Pulse & Remedy, LLC — Privacy Officer
925 Arthur Godfrey Road, Suite 300
Miami Beach, Florida 33140
Email: docmait@pulseandremedy.com
Phone: (305) 699-6963

To protect your privacy, we will verify your identity before processing your request. Verification requires: full name, email address, phone number, and mailing address. We will respond to most requests within 30–45 days. We will notify you if we need additional time or if we are unable to fulfill your request, along with the reason for any denial.

10. Children’s Privacy
This Site is intended for use by adults and is not directed to children under the age of 13. P&R does not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete such information in accordance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us immediately at info@pulseandremedy.com.

11. Do Not Track and Global Privacy Control
Do Not Track (DNT) is a browser preference signal indicating that you do not want to be tracked across websites. This Site does not currently alter its data collection practices in response to browser-level DNT signals.

However, we do honor the Global Privacy Control (GPC) signal for California residents as a valid opt-out of the sale and sharing of personal information under CCPA/CPRA. If you use a browser or browser extension that transmits GPC, we will treat it as a valid opt-out request.

For all users, you may opt out of tracking-based advertising through the mechanisms described in Section 4.3.

12. Third-Party Websites and Links
This Site may contain links to third-party websites. This Privacy Policy does not apply to third-party websites, and P&R is not responsible for the privacy practices of any website it does not own or operate. We encourage you to review the privacy policies of any third-party websites you visit. The presence of a link does not constitute P&R’s endorsement of that website.

13. Telemedicine and Digital Health Services
P&R offers telemedicine consultations to enrolled patients through designated secure telehealth platforms. Communications conducted through these platforms are subject to P&R’s HIPAA Notice of Privacy Practices and the privacy policies of the specific platform used. Information about telehealth platforms used by P&R is available upon enrollment.

Telemedicine sessions may be recorded only with your explicit advance consent, consistent with Florida’s wiretapping statute (§ 934.03, Florida Statutes) and HIPAA. Any recordings are stored securely and handled as PHI under our NPP.

14. Data Location and Transfers
All of P&R’s data processing activities take place within the United States. We do not intentionally transfer personal information outside of the United States. If you access this Site from outside the United States, your information will be processed and stored in the United States, which may have different data protection laws than your country of residence.

15. Changes to This Privacy Policy
P&R reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will: (a) post the revised Privacy Policy on this Site with an updated effective date; and (b) where required by applicable law or where we deem it appropriate, provide additional notice such as a prominent website notice or email notification to subscribers. Your continued use of the Site after the effective date of any revised Privacy Policy constitutes your acceptance of the changes.

16. Contact Information; Privacy Officer
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

Pulse & Remedy, LLC
Privacy Officer / CEO: Dr. Jarred Mait
925 Arthur Godfrey Road, Suite 300
Miami Beach, Florida 33140
Phone: (305) 699-6963
Email: docmait@pulseandremedy.com
Website: www.pulseandremedy.com

For complaints regarding our privacy practices that cannot be resolved directly with P&R, you may contact:

• The U.S. Department of Health & Human Services, Office for Civil Rights (for HIPAA complaints): www.hhs.gov/ocr or 1-800-368-1019
• The Federal Trade Commission (for general privacy complaints): www.ftc.gov/complaint
• Florida Attorney General (for violations of Florida law): myfloridalegal.com